From: phcoder <phcoder@gmail.com>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: GRUB trusted boot framework
Date: Sun, 22 Feb 2009 22:16:02 +0100
Message-ID: <49A1C092.5040309@gmail.com>
In-Reply-To: <49A1A47F.30701@student.ethz.ch>

> Oh, I want!
> If I remember correctly, exactly this broke the protection on some game console!
Do you refer to the Xbox crack based on the King Kong game? For one, their goal
is the evil one. For another, the problem is a buffer overflow in the
rendering engine, not the not-checking part. If you want to make a
secure system, it must be free of such bugs. Or you may as well hash the
whole HD and be hacked through network code. Here is where the advantages of
open development come into play.
> 
> But how do I get it into every possible loader?
s/grub_gzio_open(filename, 1)/grub_gnupg_open(filename, GZIO_TRANSPARENT)
s/grub_file_open(filename)/grub_gnupg_open(filename, 0)

> I also checked the loopback code and it uses the standard grub_file_read, so for
> these cases a read version without a hook would be needed.

Then how is your proposition with two file read functions different from
mine with two file read functions? What can be proposed is to somehow
merge all opening functions into one with the following prototype:
grub_file_open (const char *filename, int flags, struct grub_file_info *info)
Then on opening, the function will do the default behavior, with an
override possible through flags. It has the advantage of future
expandability for possible new transparent transformations.

> 
> By the way we're assuming here, that every file-system driver is free of
> exploitable bugs!
> To avoid this a real disk read hook would be needed, but of course that is
> largely impractical. (There might be options with "sparse" hashing - meaning
> only hashing the parts that are actually read, and including the map of read
> areas into the final hash)
And then after a minor write or fs self-maintenance it suddenly stops 
working. You may as well not boot at all. Perfectly secure booter in 2 
bytes of x86-assembly:
eb fe :   self: jmp self
> 
> Greets,
> 
> Jan
Regards
Vladimir 'phcoder' Serbinenko
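
The "sparse" hashing idea quoted above, and the reply's objection that a minor write or filesystem self-maintenance changes the measurement, as an added example that is not part of the original message or of GRUB. The 8-block disk layout, the use of SHA-256, and all names (MeasuredDisk, make_image, boot_measure) are assumptions made for illustration.

```python
import hashlib
import struct

BLOCK = 16  # constructed block size, kept tiny for readability


class MeasuredDisk:
    """Disk wrapper that hashes each read's (offset, length) and data as it happens."""

    def __init__(self, image: bytes):
        self.image = image
        self._h = hashlib.sha256()

    def read(self, offset: int, length: int) -> bytes:
        data = self.image[offset:offset + length]
        self._h.update(struct.pack("<QQ", offset, len(data)))  # read-map entry
        self._h.update(data)                                   # bytes actually read
        return data

    def digest(self) -> str:
        return self._h.hexdigest()


def make_image(kernel_block: int, mtime: int = 0, spare: bytes = b"") -> bytes:
    """Constructed image: block 0 = metadata, one kernel block, block 7 never read."""
    blocks = [bytes(BLOCK)] * 8
    blocks[0] = bytes([kernel_block, mtime]).ljust(BLOCK, b"\0")
    blocks[7] = spare.ljust(BLOCK, b"\0")
    blocks[kernel_block] = b"KERNEL-CODE".ljust(BLOCK, b"\0")
    return b"".join(blocks)


def boot_measure(image: bytes):
    """Read metadata, follow it to the kernel block, return (kernel, measurement)."""
    disk = MeasuredDisk(image)
    meta = disk.read(0, BLOCK)
    kernel = disk.read(meta[0] * BLOCK, BLOCK)
    return kernel, disk.digest()


if __name__ == "__main__":
    cases = {
        "baseline": make_image(2),
        "write to unread block": make_image(2, spare=b"log entry"),
        "metadata timestamp update": make_image(2, mtime=1),
        "kernel block relocated": make_image(5),
    }
    for name, image in cases.items():
        kernel, measurement = boot_measure(image)
        print(f"{name:26} {measurement[:16]} kernel={kernel[:11]!r}")
```

The kernel bytes are identical in all four cases; only the write to the never-read block leaves the measurement unchanged, while a timestamp update or a relocated block changes it.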


